Re: [squid-users] TPROXY Squid Error.

From: Nyamul Hassan <nyamul_at_gmail.com>
Date: Thu, 10 Jul 2014 07:16:27 +0600

There you go. NAT rules will not work on TProxy. You need to play
with Mangle rules. The ones I am using are:

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-port=80 \
    new-routing-mark=_to_squid_ passthrough=yes protocol=tcp \
    src-address-list=_to_squid_ src-mac-address=!<MAC of squid server>
add action=mark-routing chain=prerouting disabled=no \
    dst-address-list=_to_squid_ new-routing-mark=_to_squid_ \
    passthrough=yes protocol=tcp src-port=80
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=<IP of squid server> \
    routing-mark=_to_squid_

Notes:
* Please change the <MAC of squid server> and <IP of squid server>
accordingly. Do not include the "<" or ">" tag.
* Be careful that the "!" mark before the MAC address is there
intentionally, and serves a purpose.
* We work entirely on "src-address-list", so that we can control who
passes through Squid and who does not. You could replace that with
just "src-address".
* Please disable / remove all other NAT or related rules that might
interfere with these rules here.
* These rules assume that your clients are on Real IP (which our
clients are). If the clients are on the Private IP range (as you
described), and you are still facing problems, then perhaps your NAT
rule is interfering. In that case, can you make a pastebin of the
"/export"?

Please see if these work out for you, and then advise.

Regards
HASSAN

On Thu, Jul 10, 2014 at 6:54 AM, Info OoDoO <info_at_oodoo.co.in> wrote:
> I use two ports in Mikrotik Router. One for WAN and other for LAN, I
> have No rules setup in Router except the natting Src and Dst for
> private to public IP and vice versa.
>
> There are two NICs in squid box, but I am using only one.
>
> The Lan From router is Connected to switch and the squid nic is also
> connected to the same vlan of the switch.
>
> and I'm using a box connected to the same vlan of the switch to test squid.
>
> Simple . Router to Switch
> Squid to Switch
> Test to Switch
>
> All in the same Vlan.
>
> Thanks,
> Ganesh J
>
>
> On Thu, Jul 10, 2014 at 6:04 AM, Nyamul Hassan <nyamul_at_gmail.com> wrote:
>> What are the rules in Mikrotik that you are using? What is the
>> network diagram? How many interfaces on Mikrotik are you using for
>> this purpose? How many NICs are there on the Squid box? Can you give
>> an idea of your network diagram?
>>
>> Also, a few days ago, I also posted the rules that I am using in
>> Mikrotik. Can you check if they match yours?
>>
>> Regards
>> HASSAN
>>
>> On Thu, Jul 10, 2014 at 6:28 AM, Info OoDoO <info_at_oodoo.co.in> wrote:
>>> Hi,
>>> I'm using Mikrotik 1100 AH X2 Router,
>>>
>>> here is my Basic Data from your latest script.
>>>
>>> http://pastebin.com/GHkD5yYx
>>>
>>> Thanks,
>>> Ganesh J
>>>
>>>
>>> On Wed, Jul 9, 2014 at 1:08 AM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
>>>> What router are you using??
>>>>
>>>> Eliezer
>>>>
>>>> P.S. I will be at the squid irc channel for about couple hours
>>>> http://webchat.freenode.net/?channels=squid
>>>>
>>>>
>>>> On 07/08/2014 10:19 PM, Info OoDoO wrote:
>>>>>
>>>>> Configured Squid 3.4.6 again with all the options, still facing the same
>>>>> issue.
>>>>>
>>>>> Thanks,
>>>>> Ganesh J
>>>>>
>>>>>
>>>>> On Tue, Jul 8, 2014 at 11:55 PM, Nyamul Hassan <nyamul_at_gmail.com> wrote:
>>>>>>
>>>>>> We were in the same problem just a few days ago. Can you recompile and
>>>>>> check?
>>>>>>
>>>>>> Also, since you are compiling, then can you also try the latest stable
>>>>>> version 3.4.6?
>>>>>>
>>>>>> Regards
>>>>>> HASSAN
>>>>>>
>>>>>>
>>>>>> On Wed, Jul 9, 2014 at 12:24 AM, Info OoDoO <info_at_oodoo.co.in> wrote:
>>>>>>>
>>>>>>> Sorry, I installed it recently and it was not there when I compiled
>>>>>>> and configured squid from source.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Ganesh J
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 8, 2014 at 11:52 PM, Info OoDoO <info_at_oodoo.co.in> wrote:
>>>>>>>>
>>>>>>>> Yes.. it is installed..
>>>>>>>>
>>>>>>>> libcap-devel.x86_64 2.16-5.5.el6 @base
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Ganesh J
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jul 8, 2014 at 11:49 PM, Nyamul Hassan <nyamul_at_gmail.com>
>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> For your kind attention, I have not installed Squid 3.1.10 from YUM.
>>>>>>>>>>> I have Compiled and installed from the source with the following
>>>>>>>>>>> options.
>>>>>>>>>>>
>>>>>>>>>>> http://pastebin.com/jFhzd3qj
>>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Oh! If you did compile it, then can you check if you have
>>>>>>>>> "libcap-devel" installed?
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> HASSAN
>>>>
>>>>
Received on Thu Jul 10 2014 - 01:17:13 MDT
